Interactive Demo — Simulated data only.
SOC365 Dashboard
Acme Legal Services Ltd

Data Exfiltration Attempt

Severity: Low · Status: Escalated
ALR-00141 · 2026-05-26T02:13:15Z

Description

Large data transfer (2.3 GB) to cloud storage from SRV-BACKUP-01 by user 'm.taylor'. The Cloud Connector DLP policy triggered on sensitive documents in the transfer.

Alert Metadata

Alert ID
ALR-00141
Timestamp
2026-05-26T02:13:15Z
Severity
Low
Status
Escalated
Detection Source
Cloud Connector
Assigned Analyst
EmilyAI (auto)

Endpoint Information

Hostname
SRV-BACKUP-01
User Account
m.taylor
Source IP
194.105.62.32
Destination IP
10.1.31.234
Origin Country
Russia (RU)

MITRE ATT&CK Mapping

Tactic
Exfiltration
Technique
T1567.002 — Exfiltration Over Web Service: Exfiltration to Cloud Storage
Reference
https://attack.mitre.org/techniques/T1567/002/

Investigation Timeline

02:13:15 Event ingested by SOC365 Engine
02:13:17 EmilyAI triage started — correlation enrichment
02:13:28 EmilyAI confidence: 78% — escalated to human analyst
02:13:51 Alert assigned to analyst: EmilyAI (auto)
02:14:59 Investigation started — querying SIEM and threat intelligence
02:23:03 Containment action taken — endpoint isolated
02:31:13 Alert resolved — remediation complete

Related Alerts

ID · Time · Alert · Severity · Status · Host
ALR-00290 · 2h ago · Data Exfiltration Attempt · High · Investigating · VM-DEV-01
ALR-00161 · 2h ago · Data Exfiltration Attempt · High · Open · WS-LAP-010
ALR-00066 · 4h ago · Certificate Anomaly · Low · Escalated · SRV-BACKUP-01
ALR-00236 · 8h ago · DecoyPulse Honeypot Triggered · Low · False Positive · SRV-BACKUP-01
ALR-00190 · 12h ago · Data Exfiltration Attempt · Medium · False Positive · SW-CORE-01
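As an added example (not code from the SOC365 demo or its vendor), the following Python sketches the kind of T1567.002 rule that would raise an alert like ALR-00141: it aggregates outbound transfers to cloud-storage hosts per host and user, requires the source to be an internal address and the destination a cloud-storage service, and scores severity on volume, DLP label and off-hours timing. The log format, field names, thresholds, domain list and sample records are all constructed for illustration; the demo alert's host, user and 2.3 GB figure are reused so the output can be compared with the page.

```python
"""Minimal T1567.002 (exfiltration to cloud storage) detector over constructed log lines.

Added example; not part of the SOC365 product. Every field name, threshold,
domain and sample record below is an assumption made for illustration.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Assumed allow-list of cloud-storage front ends; extend per environment.
CLOUD_STORAGE_HOSTS = {"drive.google.com", "www.dropbox.com", "api.box.com", "onedrive.live.com"}
# Assumed DLP labels that count as sensitive.
SENSITIVE_LABELS = {"confidential", "restricted"}
# Assumed per-(host, user) volume threshold: 1 GiB within the evaluated window.
VOLUME_THRESHOLD_BYTES = 1024 ** 3
# Assumed off-hours window: 00:00-05:59 UTC.
OFF_HOURS_UTC = range(0, 6)

# Constructed sample records (CSV): ts,host,user,src_ip,dst_ip,dst_host,bytes_out,dlp_label
# The first three reproduce the demo alert (2.3 GB from SRV-BACKUP-01 by m.taylor at ~02:13Z).
# The last line has an external source and an internal destination, as the demo's
# Endpoint Information block does; the rule must NOT count it as outbound exfiltration.
SAMPLE_LOG = """\
2026-05-26T02:01:10Z,SRV-BACKUP-01,m.taylor,10.1.31.234,142.250.74.78,drive.google.com,900000000,confidential
2026-05-26T02:05:42Z,SRV-BACKUP-01,m.taylor,10.1.31.234,142.250.74.78,drive.google.com,800000000,confidential
2026-05-26T02:13:15Z,SRV-BACKUP-01,m.taylor,10.1.31.234,142.250.74.78,drive.google.com,600000000,internal
2026-05-26T02:20:00Z,WS-LAP-010,j.smith,10.1.40.12,52.96.0.1,outlook.office365.com,50000000,none
2026-05-26T02:25:00Z,SRV-BACKUP-01,m.taylor,194.105.62.32,10.1.31.234,fileserver.acme.local,3000000000,confidential
"""


def parse_log(text):
    """Parse the constructed CSV format into dicts with typed IPs and UTC timestamps."""
    records = []
    for line in text.strip().splitlines():
        ts, host, user, src, dst, dst_host, nbytes, label = line.split(",")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "host": host,
            "user": user,
            "src_ip": ipaddress.ip_address(src),
            "dst_ip": ipaddress.ip_address(dst),
            "dst_host": dst_host,
            "bytes": int(nbytes),
            "label": label,
        })
    return records


def is_outbound_to_cloud_storage(rec):
    """Direction check: internal (RFC 1918) source, public destination, known cloud-storage host."""
    return (rec["src_ip"].is_private
            and not rec["dst_ip"].is_private
            and rec["dst_host"] in CLOUD_STORAGE_HOSTS)


def detect_t1567_002(records):
    """Aggregate qualifying transfers per (host, user) and emit alerts over the volume threshold."""
    totals = defaultdict(lambda: {"bytes": 0, "sensitive": 0, "last_ts": None})
    for rec in records:
        if not is_outbound_to_cloud_storage(rec):
            continue
        agg = totals[(rec["host"], rec["user"])]
        agg["bytes"] += rec["bytes"]
        agg["sensitive"] += rec["label"] in SENSITIVE_LABELS
        agg["last_ts"] = rec["ts"] if agg["last_ts"] is None else max(agg["last_ts"], rec["ts"])

    alerts = []
    for (host, user), agg in totals.items():
        if agg["bytes"] < VOLUME_THRESHOLD_BYTES:
            continue
        # Volume alone is Low; a sensitive DLP label and off-hours timing each raise it one step.
        score = 1 + (agg["sensitive"] > 0) + (agg["last_ts"].hour in OFF_HOURS_UTC)
        alerts.append({
            "name": "Data Exfiltration Attempt",
            "technique": "T1567.002",
            "host": host,
            "user": user,
            "bytes": agg["bytes"],
            "sensitive_files": agg["sensitive"],
            "severity": {1: "Low", 2: "Medium", 3: "High"}[score],
            "timestamp": agg["last_ts"].strftime("%Y-%m-%dT%H:%M:%SZ"),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_t1567_002(parse_log(SAMPLE_LOG)):
        print(f'{a["severity"]:<6} {a["host"]} {a["user"]} {a["bytes"] / 1e9:.1f} GB -> {a["technique"]}')
```

On the constructed input the rule produces one alert, for SRV-BACKUP-01 / m.taylor at 2.3 GB, scored High because the transfer carries sensitive labels and lands in the off-hours window; the last sample line, whose source is a public address and whose destination is internal, is not an outbound transfer and is ignored. That is the caveat to carry into triage of ALR-00141 itself: the page lists a Russian public IP as the source and an RFC 1918 address as the destination, which is the reverse of a host-to-cloud upload, so confirming which end of the flow each field describes comes before any judgement about the alert.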